Multi-domain authorization and authentication
Abstract
A method of multi-domain authorization/authentication on a computer network comprises: a user making a request to a policy enforcement point of a computer for access to information on the computer; providing a location address for a user's authorization and/or authentication information, a policy decision point of the service on the computer network then verifying the authorization/authentication information; and the user being given access by the PEP to the information or the service requested, if the request is accepted, wherein the user's authorization/authentication and/or further information is located on a meta policy decision point (MPDP).
25 Claims
1. A method of multi-domain authorisation/authentication on a computer network comprises:
- a user making a request to a policy enforcement point (PEP) of a computer for access to a service on the computer of a first domain which requires authorisation for access from a second domain;
- providing a location address for a meta policy decision point (MPDP) maintaining the user's authorisation and/or authentication information provided from different issuing authorities, at which address authorisation and/or authentication information and/or further personal information of the user has been pre-stored at a remote location;
- a policy decision point (PDP) of the service on the computer network then verifying the authorisation/authentication information received from the MPDP or seeking authorisation/authentication from an address received from the MPDP, the address provided in the pre-stored authorisation/authentication/further personal information; and
- the user being given access by the PEP to the information or the service requested, if the request is accepted, wherein the MPDP is hosted by a party independent from the user.
Dependent claims: 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 20, 21, 24
2. A method of multi-domain authorisation/authentication on a computer network comprises:
- a user making a request to a policy enforcement point (PEP) of a computer of a first domain for access to a service on the computer which requires authorisation for access from a second domain;
- providing a location address for a meta policy decision point (MPDP) maintaining the user's authorisation and/or authentication information provided from different issuing authorities, at which address authorisation and/or authentication information and/or further personal information of the user has been pre-stored at a remote location;
- a policy decision point (PDP) of the service on the computer network then verifying the authorisation/authentication information received from the MPDP or seeking authorisation/authentication from an address received from the MPDP, the address provided in the pre-stored authorisation/authentication/further personal information; and
- the user being given access by the PEP to the information or the service requested, if the request is accepted, wherein a plurality of MPDPs are provided and are operable to communicate with one another.
Dependent claims: 3, 18, 22
4. A method of multi-domain authorisation/authentication on a computer network comprises:
- a user making a request to a policy enforcement point (PEP) of a computer of a first domain for access to information or a service on the computer which requires authorisation for access from a second domain;
- providing a location address for a meta policy decision point (MPDP) maintaining the user's authorisation and/or authentication information provided from different issuing authorities, at which address authorisation and/or authentication information and/or further personal information of the user has been pre-stored at a remote location;
- a policy decision point (PDP) of the service on the computer network then verifying the authorisation/authentication information received from the MPDP or seeking authorisation/authentication from an address received from the MPDP, the address provided in the pre-stored authorisation/authentication/further personal information; and
- the user being given access by the PEP to the information or the service requested, if the request is accepted, in which the information held on the MPDP is amendable by the user, to update the information.
Dependent claims: 19, 23
25. A method of enabling multi-domain authorisation/authentication on a computer network comprises:
- providing storage and a location address independent from a user for the user's authorisation and/or authentication information provided from different issuing authorities, at which address said information has been pre-stored, the location address being given by a user when a request to access a service on a computer network is made for which service authorisation is required, in which the service obtains authentication or authorisation information for validating said user from said location.
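The PEP, PDP and MPDP flow recited in claim 1, sketched as an added example that is not taken from the patent. It assumes an HMAC per issuing authority as a stand-in for whatever verification the PDP performs, an allow-list of MPDP addresses (the address arrives with the request, so it is untrusted input), and constructed `.example` names, keys and policy.

```python
import hashlib
import hmac
import json

# Constructed keys the PDP holds for issuing authorities it trusts (assumption).
ISSUER_KEYS = {"bank.example": b"bank-demo-key", "uni.example": b"uni-demo-key"}
# Assumption: the PDP only contacts MPDP addresses it already knows.
TRUSTED_MPDPS = {"https://mpdp.example/users/alice"}
# Constructed service policy: service -> (required issuer, required role).
SERVICE_POLICY = {"library": ("uni.example", "student")}

def sign(issuer_key, claims):
    """MAC over the canonical JSON form of a credential's claims."""
    body = json.dumps(claims, sort_keys=True).encode()
    return hmac.new(issuer_key, body, hashlib.sha256).hexdigest()

def make_credential(issuer, claims):
    """What an issuing authority would pre-store at the MPDP."""
    return {"issuer": issuer, "claims": claims,
            "sig": sign(ISSUER_KEYS[issuer], claims)}

# Constructed MPDP content: credentials from different issuers, stored per address.
MPDP_STORE = {
    "https://mpdp.example/users/alice": [
        make_credential("bank.example", {"sub": "alice", "role": "account-holder"}),
        make_credential("uni.example", {"sub": "alice", "role": "student"}),
    ]
}

def pdp_decide(user, mpdp_address, issuer, role):
    """PDP: fetch the pre-stored credentials and verify each before trusting it."""
    if mpdp_address not in TRUSTED_MPDPS:
        return False
    for cred in MPDP_STORE.get(mpdp_address, []):
        key = ISSUER_KEYS.get(cred["issuer"])
        if key is None or not hmac.compare_digest(sign(key, cred["claims"]), cred["sig"]):
            continue  # unknown issuer, or credential altered while stored
        claims = cred["claims"]
        if (cred["issuer"], claims["sub"], claims["role"]) == (issuer, user, role):
            return True
    return False

def pep_handle(request):
    """PEP: enforce whatever the PDP decides for the requested service."""
    issuer, role = SERVICE_POLICY[request["service"]]
    granted = pdp_decide(request["user"], request["mpdp"], issuer, role)
    return "200 service granted" if granted else "403 denied"
```

The PDP checks each credential against the issuing authority's key rather than accepting the MPDP's copy as given, so a credential edited at the MPDP or presented by a different user is refused.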
Specification